11 Jan 2021

High Court Rules Against Government Bulk Hacking

The High Court in the UK ruled against the intelligence agencies’ use of bulk hacking for domestic targets. Edward Snowden revealed the use of hacking to target large numbers of users simultaneously in 2014.  In 2016, the Non-profit Privacy International challenged the practice in a secretive court for cases involving

Read More
11 Jan 2021

Russian Hacker Sentenced to 12 Years for Role in Breaches of JP Morgan, Others

Andrei Tyurin was sentenced to 12 years in prison after his role in a global hacking campaign. The campaign accessed personal information for more than 80 million JP Morgan Chase customers. This breach was the largest-ever of a financial institution in the United States.  From 2012 to 2015, Tyurin hacked

Read More
11 Jan 2021

New Zealand Central Bank Hit by Cyber Attack

On Sunday, New Zealand’s central bank was responding to a breach of one of its data systems. The third-party file accessed stored “sensitive information”. The Governor of the Reserve Bank of New Zealand, Adrian Orr, stated the breach was contained and the extent of the information accessed would take time

Read More
11 Jan 2021

Over 100,000 UN Employee Records Accessed by Researchers

Over 100,000 United Nations employee records and credentials were able to be accessed by security researchers in only hours. Sakura Samurai created a team to look for bugs to report to the UN under its vulnq disclosure program. Using the git-dumper tool, an exposed subdomain for UN program the International

Read More
08 Jan 2021

Emotet Tops Malware Charts in December After Reboot

The Emotet Trojan, after undergoing a makeover, is back at the top of malware charts, according to Check Point’s Global Threat Index for December 2020. Emotet was re-designed to boast more evasive strategies that prevent detection. The malware was in fifth place in the Global Threat Index in November but

Read More
08 Jan 2021

Babuk Locker Targets Large Corporations in the New Year

A new ransomware strain has been discovered and named Babuk Locker, just days into the New Year. According to new research by Chuong Dong of Georgia Tech, the ransomware has successfully compromised five companies since its discovery. Dong claims that he first saw the ransomware mentioned in a tweet, and

Read More
08 Jan 2021

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

After the destructive riots that wreaked havoc on the United States Capitol building on Wednesday, the next issue at hand is mitigating the risks of having demonstrators access government systems. The congressional support staff is dealing with logistics such as cleanup, repairs, and securing the offices and digital systems after

Read More
07 Jan 2021

Nissan Source Code Leaked via Misconfigured Git Server

A misconfigured Git server has resulted in sensitive information pertaining to the company Nissan being leaked. The information exposed in the breach includes the source code of mobile apps, diagnostics tools, market research tools, and sensitive data. The Git server was left publicly exposed with a default username and basic

Read More
06 Jan 2021

Crypto-Hijacking Campaign Leverages New Golang RAT

An emerging operation leverages a new Remote Access Tool (RAT) that is designed to steal crypto-currency from users. Since January 2020, ElectroRAT, as named by Intezer, has been active in a full marketing campaign complete with applications, social media accounts and websites. The RAT is written in Golang and is

Read More
06 Jan 2021

SolarWinds Hit With Class-Action Lawsuit Following Orion Breach

SolarWinds and some of its executives have been accused of lying to shareholders about its security. In a class-action lawsuit filed by shareholders Solarwinds, outgoing CEO Keven Thompson, and CFO Barton Kalso are named as defendants. The suit claims that there were false and misleading statements made from the company

Read More